Um 14:00 Uhr am 03.02.18 schrieb Michael Biebl: > Am 03.02.2018 um 13:27 schrieb Sven Hartge: >> Um 03:02 Uhr am 03.02.18 schrieb Michael Biebl:
>>> Does munin-node have the same mismatch? >> It has: >> But, as you can see, the directory is also used by the munin-updater >> which is run as user "munin" so you can't make the directory owned by >> root. > The alternative afaics would be, that the daemon writes the pid file as > munin:munin then (or ulog:ulog for the above case). No, this would open a potential DoS vector. Image an attacker gaining access to the munin user. He would then be able to write any PID to the PIDfile and the init system would kill the other process when the munin-node service is stopped/restarted. See https://security-tracker.debian.org/tracker/CVE-2017-14610 for example. Acknowleged, this is a a bit unlikely issue, but I don't think it would be wise to propagate it further. Also looking at the bigger picture here: This change in systemd, while with security in mind, changes the way PIDfiles have been handled for the last ... forever. Debian packages one might be able to fix but what about all the other 3rd party packages and locally written code out there? It is susceptible to break upon upgrade to Buster and who will be blamed (again)? systemd of course, "breaking all the things again". Grüße, Sven.
